Time Warner Road Runner, Linux, and large IPv6 subnets

Although Time Warner Cable is now Spectrum and wide-dhcpv6 is quite old, this post is still what I’m using today (in 2019)! I’ve written about how to get larger IPv6 subnets from Time Warner Cable’s Road Runner service on a Mikrotik router before, but I’ve converted to using a Linux server as my router for my home. Getting the larger /56 IPv6 subnet is a little tricky and it’s not terribly well documented....

2015-09-11 · 4 min · Major Hayden

Build a network router and firewall with Fedora 22 and systemd-networkd

This post originally appeared on the Fedora Magazine blog. One of my favorite features of Fedora 22 is systemd-networkd and all of the new features that came with it in recent systemd versions. The configuration files are easy to read, bridging is simple, and tunnels are resilient. I’ve recently started using a small Linux server at home again as a network router and firewall. However, I used systemd-networkd this time and had some great results....

2015-08-27 · 5 min · Major Hayden

Trust an IP address with firewalld’s rich rules

Managing firewall rules with iptables can be tricky at times. The rule syntax itself isn’t terribly difficult but you can quickly run into problems if you don’t save your rules to persistent storage after you get your firewall configured. Things can also get out of hand quickly if you run a lot of different tables with jumps scattered through each. Why FirewallD? FirewallD’s goal is to make this process a bit easier by adding a daemon to the mix....

2014-11-24 · 2 min · Major Hayden

Securing your ssh server

One of the most common questions that I see in my favorite IRC channel is: “How can I secure sshd on my server?” There’s no single right answer, but most systems administrators combine multiple techniques to provide as much security as possible with the least inconvenience to the end user. Here are my favorite techniques listed from most effective to least effective: SSH key pairs By disabling password-based authentication and requiring ssh key pairs, you reduce the chances of compromise via a brute force attack....

2010-10-12 · 4 min · Major Hayden